Coffs Coast businesses managed to avoid last month’s worldwide ransomware attack (to the best of our knowledge). The attack was spectacular in size, hitting over 200,000 people in at least 150 countries, including at least 5 Australian businesses – so we were lucky.
Ransomware is usually delivered to your computer through an email that looks like it is from someone you know. The virus locks down your computer and then demands payments before your data will be released. It can then worm its way into other computers in your network, locking up your entire business. Whether or not you pay the ransom the potential costs to your business in terms of disruption are enormous.
With this latest attack the National Health Service in the UK was forced to cancel operations in its hospitals after their computers were affected. What would be the impact on your business?
This is yet another wake up call for all business owners. Regardless of your size, cyber security is a critical part of good business management. Here is a checklist of security measures you should make sure your business has implemented.
- Install reputable anti-virus software and keep it up to date across all computers in your network.
- Run regular security awareness campaigns amongst your staff, stressing the need to avoid clicking on links and attachments in emails.
- Back up daily, either to the cloud or local storage devices. If using local storage ensure you remove the external storage device once backup has been completed so if the Ransomware infects your computer it can’t get to your backup drive.
- Patch your software with the latest updates as soon as possible.
- Restrict staff administrative right. Limit the ability of employees who do not need the authority to install software and limited the access of employees to data they need to access.
- Restrict your own administrative privileges. Avoid browsing, opening documents or other day-to-day work activities while you are logged in as an administrator.
- Have a social media policy in place that limits work related information, such as job titles, from being posted on social media. Often the email attack is facilitated by information gathered through social media.